1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
commit a1d3b04296babc42b6a00956508c86c18e2b39bc
Author: Luke Kanies <luke@madstop.com>
Date: Fri Sep 18 12:09:44 2009 -0700
Fixing #2617 - use the cert name as specified
This allows us to search for a cert, and we use the searched-for
term as the cert name (for the wrapper, not the actual cert object),
rather than the real cert name.
This allows us to use symbolic names like 'ca', as we're currently doing.
Signed-off-by: Luke Kanies <luke@madstop.com>
diff --git a/lib/puppet/indirector/certificate/rest.rb b/lib/puppet/indirector/certificate/rest.rb
index 5999830..6f47c25 100644
--- a/lib/puppet/indirector/certificate/rest.rb
+++ b/lib/puppet/indirector/certificate/rest.rb
@@ -6,4 +6,10 @@ class Puppet::SSL::Certificate::Rest < Puppet::Indirector::REST
use_server_setting(:ca_server)
use_port_setting(:ca_port)
+
+ def find(request)
+ return nil unless result = super
+ result.name = request.key unless result.name == request.key
+ result
+ end
end
diff --git a/spec/integration/indirector/certificate/rest.rb b/spec/integration/indirector/certificate/rest.rb
index 3ebd1e5..71ef443 100755
--- a/spec/integration/indirector/certificate/rest.rb
+++ b/spec/integration/indirector/certificate/rest.rb
@@ -64,6 +64,8 @@ describe "Certificate REST Terminus" do
# There's no good '==' method on certs.
result.content.to_s.should == @host.certificate.content.to_s
- result.name.should == @host.certificate.name
+
+ # also make sure it uses the provided name, rather than the internal one.
+ result.name.should == "bar"
end
end
diff --git a/spec/unit/indirector/certificate/rest.rb b/spec/unit/indirector/certificate/rest.rb
index d5959c4..a325754 100755
--- a/spec/unit/indirector/certificate/rest.rb
+++ b/spec/unit/indirector/certificate/rest.rb
@@ -20,4 +20,38 @@ describe Puppet::SSL::Certificate::Rest do
it "should set port_setting to :ca_port" do
Puppet::SSL::Certificate::Rest.port_setting.should == :ca_port
end
+
+ it "should make sure found certificates have their names set to the search string" do
+ terminus = Puppet::SSL::Certificate::Rest.new
+
+ # This has 'boo.com' in the CN
+ cert_string = "-----BEGIN CERTIFICATE-----
+MIICPzCCAaigAwIBAgIBBDANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDDAtidWNr
+eS5sb2NhbDAeFw0wOTA5MTcxNzI1MzJaFw0xNDA5MTYxNzI1MzJaMBIxEDAOBgNV
+BAMMB2Jvby5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKG9B+DkTCNh
+F5xHchNDfnbC9NzWKM600oxrr84pgUVAG6B2wAZcdfoEtXszhsY9Jzpwqkvxk4Mx
+AbYqo9+TCi4UoiH6e+vAKOOJD3DHrlf+/RW4hGtyaI41DBhf4+B4/oFz5PH9mvKe
+NSfHFI/yPW+1IXYjxKLQNwF9E7q3JbnzAgMBAAGjgaAwgZ0wOAYJYIZIAYb4QgEN
+BCsWKVB1cHBldCBSdWJ5L09wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFJOxEUeyf4cNOBmf9zIaE1JTuNdLMAsGA1Ud
+DwQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwME
+MA0GCSqGSIb3DQEBBQUAA4GBAFTJxKprMg6tfhGnvEvURPmlJrINn9c2b5Y4AGYp
+tO86PFFkWw/EIJvvJzbj3s+Butr+eUo//+f1xxX7UCwwGqGxKqjtVS219oU/wkx8
+h7rW4Xk7MrLl0auSS1p4wLcAMm+ZImf94+j8Cj+tkr8eGozZceRV13b8+EkdaE3S
+rn/G
+-----END CERTIFICATE-----
+"
+
+ network = stub 'network'
+ terminus.stubs(:network).returns network
+
+ response = stub 'response', :code => "200", :body => cert_string
+ response.stubs(:[]).with('content-type').returns "text/plain"
+ network.expects(:get).returns response
+
+ request = Puppet::Indirector::Request.new(:certificate, :find, "foo.com")
+ result = terminus.find(request)
+ result.should_not be_nil
+ result.name.should == "foo.com"
+ end
end
|
GitWeb